The 20 critical security controls are set of controls recommended and complied by consortium of more than 100 contributors from government agencies, commercial forensic experts and penetration testers. These controls are minimum recommendations for organizations to implement in order to block or mitigate known attacks. They are the baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defence. The controls are designed so that primarily automated means can be used to implement, enforce and monitor them.

The security controls give no-nonsense, actionable recommendations for cyber security, written in a language that is easily understood by IT personnel. The goal of 20 critical security controls is to leverage cyber offense to inform cyber defence, focusing on high payoff areas, ensure that security investments are focused to counter highest threats, maximize use of automation to enforce security controls, thereby negating human errors, and use consensus process to collect best ideas.

It focuses on various technical measures and activities, with the primary goal of helping organizations to prioritise their efforts to defend against the current most common and the most damaging computer and network attacks. The 20 controls and supporting advice are dynamic in order that they recognize changing technology and methods of attack.

The strength of the Critical Controls is that they reflect the combined knowledge of actual attacks and effective defences of experts in the many organizations that have exclusive and deep knowledge about the current threats. These experts come from multiple agencies of the U.S. Department of Defense, Nuclear Laboratories of the U.S. Department of Energy, the U.S. Computer Emergency Readiness Team of the U.S. Department of Homeland Security, the United Kingdom's Centre for the Protection of Critical Infrastructure, the FBI and other law enforcement agencies, the Australian Defense Signals Directorate and government and civilian penetration testers and incident handlers.

Top experts from all these organizations have pooled their extensive first-hand knowledge of actual cyber attacks and developed a consensus list of the best defensive techniques to stop them. This has ensured that the Critical Controls are the most effective and specific set of technical measures available to detect, prevent, and mitigate damage from the most common and damaging of those attacks.

OBJECTIVE OF THE TRAINING IS TO PROVIDE IN DEPTH UNDERSTANDING ON ALL 20 CRITICAL SECURITY CONTROLS.

Introduction to 20 critical security controls;

Main concepts:

Critical Control 1: Inventory of Authorized and Unauthorized Devices

Critical Control 2: Inventory of Authorized and Unauthorized Software

Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers